Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly

I’m regularly asked how often I scan my primary personal machine for malware. The answer is – as part of a layered security approach, I have a formal schedule which I stick to without fail.

Once a day, I quick scan the system drive with both Microsoft Security Essentials, and Malwarebytes’ Antimalware – making sure the databases are updated and current.

Running a quick scan with both these applications takes less than 5 minutes. For example: Malwarebytes’ – 150,000 objects – 2 minutes and 30 seconds. Microsoft Security Essentials – 30,000 items – 1 minute and 18 seconds.

Much of today’s malware though, can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. So, I don’t see any advantage in running full scans on a live system – instead, once a week I run a Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

I’ve come to rely on the following free live CDs, which I regularly alternate, to ensure (hopefully), I’m operating in a malware free zone.

Panda SafeCD


This useful utility comes in handy when you need to clean a malware infected machine. Or, as in my case, to ensure a machine is not infected. It is particularly useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

Features include: Automatic detection and removal of all types of malware. Boot from CD or USB stick. Supports using updated signature files. Supports 13 languages. Supports both FAT and NTFS drives.

The download consists of an ISO. You can either burn this to a CD/DVD or alternatively, create a Boot USB stick by using something like the Universal Netboot Installer (UNetbootin).
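Added example (not part of the original article, and not code from any of the vendors named here): a check that a downloaded ISO actually carries an El Torito boot record before it is burned, since a data-only image will mount and show files but never boot. The function names and the tiny in-memory image are constructed for illustration.

```python
import io
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def el_torito_info(img):
    """Return El Torito boot details for a binary ISO stream, or None if it has no boot record."""
    sector = 16  # volume descriptors start at sector 16
    while True:
        img.seek(sector * SECTOR)
        vd = img.read(SECTOR)
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image")
        if vd[0] == 255:  # descriptor set terminator reached: data-only disc
            return None
        if vd[0] == 0 and vd[7:39].rstrip(b"\x00") == b"EL TORITO SPECIFICATION":
            catalog_lba = struct.unpack_from("<I", vd, 71)[0]
            break
        sector += 1
    img.seek(catalog_lba * SECTOR)
    cat = img.read(64)  # validation entry followed by the initial/default entry
    # Validation entry: header ID 1, key bytes 55 AA, all 16-bit words sum to zero.
    if (len(cat) < 64 or cat[0] != 1 or cat[30:32] != b"\x55\xaa"
            or sum(struct.unpack("<16H", cat[:32])) & 0xFFFF):
        raise ValueError("missing or corrupt boot catalog")
    entry = cat[32:]
    platforms = {0x00: "x86 BIOS", 0x01: "PowerPC", 0x02: "Mac", 0xEF: "EFI"}
    return {"bootable": entry[0] == 0x88,
            "platform": platforms.get(cat[1], "unknown"),
            "boot_image_lba": struct.unpack_from("<I", entry, 8)[0]}

def build_sample_iso(bootable=True):
    """Constructed 21-sector image for the demo; not a real rescue disk."""
    img = bytearray(SECTOR * 21)
    img[16 * SECTOR:16 * SECTOR + 7] = b"\x01CD001\x01"  # primary volume descriptor
    end = 17
    if bootable:
        img[17 * SECTOR:17 * SECTOR + 30] = b"\x00CD001\x01EL TORITO SPECIFICATION"
        struct.pack_into("<I", img, 17 * SECTOR + 71, 20)  # boot catalog at sector 20
        end = 18
    img[end * SECTOR:end * SECTOR + 7] = b"\xffCD001\x01"  # set terminator
    val = bytearray(32)
    val[0], val[30], val[31] = 1, 0x55, 0xAA
    struct.pack_into("<H", val, 28, -sum(struct.unpack("<16H", val)) & 0xFFFF)
    entry = bytearray(32)
    entry[0] = 0x88  # boot indicator: bootable
    struct.pack_into("<I", entry, 8, 21)  # constructed boot image location
    img[20 * SECTOR:20 * SECTOR + 64] = val + entry
    return io.BytesIO(bytes(img))
```

To check a real download, pass the file opened in binary mode, for example `el_torito_info(open("rescue.iso", "rb"))`, where `rescue.iso` is a placeholder file name.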

Kaspersky Rescue Disk 10


Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. It is particularly useful when the infection is at such a level that it is impossible to disinfect the computer using anti-virus applications, or malware removal utilities, running under the operating system.

Note: Kaspersky Rescue Disk 10 can be run from a USB device.

Avira AntiVir Rescue System


Avira AntiVir Rescue System is a Linux-based application that allows you to access a system that cannot be booted anymore. Not only will this application scan the system for infections, but it can be used to repair a damaged system, or rescue data.

If you’re looking for an uncomplicated, reasonably quick booting alternative antimalware scanner/rescue CD, which will update the definition database automatically (assuming you’re connected to the Internet), any one of these freebies will do the job nicely.

In the constantly evolving world of cybercrime, all users are well advised to scan their computers regularly with an antimalware application that does not rely on the native operating system.


24 responses to “Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly

  1. Mal

    Hey Bill,
    Funny how our approach is so much the same. Probably why I make your blog one of my first stops in the morning. I do really like Avira for a “Live CD” scan (again, you put me onto this quite a while ago), and I do quick scans with MSE, Malwarebytes, Superantispyware, and Hitman Pro on a regular basis.
    One thing I am going to do is start alternating them, as you suggest. A good idea.
    Cheers

    • Hey Mal,

      Two peas in a pod – great minds think alike…….. 🙂

      Best,

      Bill

      • Mal

        Hey Bill,
        A quick question, because I don’t know the answer. How safe is it being connected to the internet when running, say Avira Rescue Disk, without any protection running. I turn off the internet connection as I always download the latest version, which I assume contains the latest database update.
        Cheers

        • Hey Mal,

          Now there’s a thinking geek’s question!

          In the “what if” world, anything is possible of course. But, in the “real” world, given that most rescue disks are running Linux in memory (some run a version of DOS), and not Windows, the chances of becoming infected while connected to an AV site for a short time, are astronomically low (non-existent is more like it). Given that 99% of intrusions (including the “sophisticated” Stuxnet worm), are caused by careless users, you certainly have nothing to worry about.

          Best,

          Bill

          • Mal

            Thanks Bill.
            I thought it would be safe, seeing as how updating online is mentioned in the article. But I had to ask, so I didn’t have that niggling “what if” at the back of my brain lol.
            Cheers

  2. Anonymous

    Hi Bill,

    Here’s what I do to stay malware free:
    -Use AV of choice (i.e. Avira,Avast)
    -Use of HIPs and firewall (i.e. Comodo,Online Armor)
    -Use of on-demand scanners (i.e. Hitman Pro, MBAM)
    -Use of a sandbox for web-browsing,reading PDFs,etc. (i.e. Sandboxie, Bufferzone)
    -Use of a dns filtering service (i.e. Clear Cloud, Norton DNS)
    -Firefox browser add-ons (i.e. Noscript, Adblock plus)
    -And a clean system image in case anything gets by(i.e. Acronis, Macrium Reflect)
    -A password manager (i.e. Keepass,Lastpass)
    -A live linux cd for banking and other online transactions

    I don’t remember the last time I was infected. And on the plus side, you have free alternatives for each of these programs.

    PHX

  3. Keith

    I love Malwarebytes Antimalware, but I noticed it doesn’t really remove tracking cookies. For those I use SuperAntispyware Portable. It’s very slick and updates to the latest definitions by clicking the update button.

    • Hey Keith,

      Excellent advice, as usual.

      Your comment reminds me that I haven’t posted on SuperAntispyware (one of my all-time favorite apps), in almost a year. Gotta get on that. 🙂

      Good to hear from you.

      Bill

  4. John Bent

    Hi Bill,

    I was always taught to burn rescue files to CD rather than rewritable media, as this is supposedly more stable. However it is important to update these items regularly, so USB installation makes more sense as it avoids an ever-increasing collection of CD coasters and must be better for the planet.

    What are your thoughts on this?

    Kind regards
    John

    • Hi John,

      Old habits die hard. I must admit, that I still burn this type of app to CD/DVD-RW. It’s not necessary of course, since updating the detection database happens interactively, over the Net, once the application has been launched. As well, most of these apps tend to be very stable with few, if any, major changes which would require a re-release. Given that the developers are not selling the app, there are few artificial “enhancements” driving updates. For example, I used Avira for over 2 years before a new release was issued, not so long ago.

      There are still some applications that do not update the detection database interactively (requiring a new burn for each use), but I wouldn’t recommend such an application.

      Great question for us “old timers”. 🙂

      Best,

      Bill

  5. Hi Bill,
    I’ve used Kaspersky Rescue CD to disinfect a computer that was totally unusable. It took over a day to clean it but it will work when disinfecting from within Windows is impossible.
    Take care
    Mark

    • Hey Mark,

      There ya go – reading my mind again. 🙂

      I reread your article on this for the 10th time, as well as on Trinity Rescue Kit, just yesterday. Two of the best articles I’ve ever read on this type of app.

      I actually plan to rerun both articles in the next week or so, since they set out in terrific detail just how valuable this type of app can be.

      Best,

      Bill

  6. Layton

    Hi,

    As always another great article Bill 🙂

    Sorry to clog up your board but I need a little help.

    I have never burnt ISO files before but it automatically asked to burn them with Nero when I clicked the links, which I did.

    The problem is when I put 1 of the discs in the drive the autoplay only asks if I want to open files and when I do it’s just a load of folders and text documents and the program doesn’t launch.

    Sorry to clog up your board but these look like 3 great programs to have and I am at a dead end as what to do.

    Thx for your time reading this.

    Layton

    • Hey Layton,

      This is an easy one to correct.

      All of these disks are self-booting, since they run an operating system other than Windows. That means you cannot launch them from within Windows, but instead they will launch automatically when you start your machine – provided you have set your computer to boot from the optical drive.

      Here’s how to do that:

      Change the BIOS boot order so the CD or DVD drive is listed first. If the CD or DVD drive is not first in the boot order, your PC will start from the Hard Drive – as you’ve seen.

      Once you’ve done this – don’t change this setup. Personally, one of the first things I do when I buy a new machine is change the boot order. It’s just more convenient in the long run.

      Note: You may be prompted to press a key to boot from the CD/DVD, such as – “Press any key to boot from CD or DVD.”

      If you’re unsure as to how to change the BIOS boot order, then take a look at this set of instructions – Change the Boot Order in BIOS.

      Best,

      Bill

      • John Bent

        Hi Bill,

        On the subject of changing the boot order, is there any need to change back again afterwards? I’ve left mine with DVD/RW drive at the top and it seems to make no difference when booting to Windows 7 normally. Obviously if you left a disc in the drive it would try to boot from that but that’s just down to housekeeping really.

        Kind regards
        John

        • Hi John,

          No. In fact, this is my recommendation to Layton – “Once you’ve done this – don’t change this setup. Personally, one of the first things I do when I buy a new machine is change the boot order. It’s just more convenient in the long run.”

          We talked about “old habits” yesterday, and this is another of my old habits that actually still has real value. As you’ve noticed, there’s little, if any, discernible difference in boot time.

          Best,

          Bill

  7. Layton

    Hey Bill,

    Thank you for your response and the link 🙂

    Bedtime here but I will be looking into it tomorrow when I rise.

    Again thanks for your time.

    Layton


  9. John Bent

    Hi Bill,

    “When all else fails read the instructions”. Next time I’ll do so before commenting!

    Kind regards
    John

  10. Lech

    Hi Bill,

    I read this and “Turning USB Sticks into WMD”. Being not very
    technically savvy, I have a question:
    when one disables the autorun function to prevent surprises that
    might be waiting on a USB stick, one will not be able to run any type
    of rescue disc, unless one excludes an optical drive – is this right?
    Second, if the computer doesn’t see the USB, will disabling the
    autorun still work?